RUMROM Bakery Privacy Policy

At RUMROM Bakery, we are committed to protecting the privacy and security of our customers. This Privacy Policy outlines how we collect, use, and safeguard the personal information you provide when using our website and mobile application.

Information We Collect

  1. Personal Information: When you create an account, place an order, or contact us, we may collect the following personal information:
    • Full Name (First and Last Name)
    • Email Address
    • Phone Number
    • Delivery Address
    • Payment Information (for processing orders)
  2. Customization Information: If you use the cake customization feature on our website, we will collect the details of your custom cake design, including any images, text, or other elements you provide.
  3. Usage Information: We may collect information about how you use our website and mobile app, such as the pages you visit, the items you browse or purchase, and the searches you perform.
  4. Device Information: We may collect information about the device you use to access our website or mobile app, such as the IP address, device type, and operating system.

How We Use Your Information

  1. Providing Our Services: We use your personal information to process your orders, deliver your purchases, and respond to your inquiries. Your customization information is used to create and fulfill your custom cake orders.
  2. Improving Our Services: We analyze usage information to better understand how our customers interact with our website and mobile app, and to improve the overall user experience.
  3. Communicating with You: We may use your contact information to send you updates, promotional offers, and other information about our bakery and its products, as well as to provide you with newsletters and other marketing materials.
  4. Complying with Laws: We may use your information as necessary to comply with applicable laws and regulations, such as tax reporting requirements.
  5. Protecting Our Business: We may use your information to detect, investigate, and prevent fraudulent transactions and other illegal activities.

How We Protect Your Information

We take the security of your personal information very seriously. We employ various security measures to protect the confidentiality of your data, including:

  • Encrypted storage and transmission of data
  • Access controls and role-based permissions
  • Regular security audits and penetration testing
  • Secure server infrastructure and network monitoring

Sharing Your Information

We do not sell or rent your personal information to third parties. However, we may share your information with the following trusted service providers who assist us in operating our business:

  • Payment processors (for processing your orders)
  • Delivery couriers (for fulfilling your orders)
  • Marketing and analytics providers (to help us better understand and serve our customers)

We may also share information as required by law or to protect our rights and property, such as in response to a subpoena or law enforcement request.

Your Choices

You have the right to access, update, or delete your personal information at any time. You can do so by contacting us at hello@rumrom.com or by accessing your account settings in our mobile app.

You can also opt-out of receiving marketing communications from us by clicking the “unsubscribe” link in any email we send or by contacting us.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on our website and mobile app, and we will update the “Effective Date” at the top of this document.

customer protection

Data Retention and Deletion:

  1.  
  • Explain how long you will retain customer data and the criteria used to determine retention periods.
  • Provide information on how customers can request the deletion of their personal information.
  • Describe your data deletion processes and timelines.
  • Explain your data retention policies, including the specific timeframes you will keep different types of customer data (e.g., account information, order history, customization data).
  • Outline the criteria and processes you use to determine when to delete or anonymize customer data, such as after a certain period of inactivity or upon customer request.
  • Provide clear instructions on how customers can submit requests to delete their personal information, including any forms or supporting documentation required.
  • Describe your data deletion methods (e.g., secure erasure, anonymization) and the timelines for completing customer deletion requests.

Third-Party Service Providers:

  • List the specific third-party service providers you use (e.g., payment processors, analytics providers) and describe the type of information shared with them.
  • Explain the measures you take to ensure these third parties protect customer data.
  • Provide information on how customers can contact these third-party providers directly if needed.
  • List the names of the key third-party service providers you work with (e.g., payment processor, delivery couriers, marketing/analytics platforms) and the types of data you share with them.
  • Explain the data processing and security measures these third parties have in place to protect customer information, such as the use of encryption, access controls, and privacy certifications.
  • Provide contact information or links to the privacy policies of these third-party service providers so customers can learn more about their data practices.
  • Commit to only working with third-party providers that demonstrate a strong commitment to data protection and customer privacy.

Data Transfers and International Data Flows:

  • If you transfer customer data to countries outside of Kuwait, explain the safeguards you have in place to protect the data.
  • Describe the legal mechanisms (e.g., Standard Contractual Clauses) used to enable these international data transfers.
  • If you transfer customer data outside of Kuwait, identify the specific countries or regions where the data may be processed.
  • Explain the legal mechanisms and data transfer safeguards you have implemented, such as the use of Standard Contractual Clauses or participation in approved data transfer frameworks.
  • Describe the technical and organizational measures you have in place to ensure an adequate level of protection for customer data during international transfers.
  • Provide information on how customers can obtain a copy of the relevant data transfer documentation or contact you for more details.

Data Subject Rights:

  • Provide detailed information on the rights customers have regarding their personal data, such as the right to access, rectify, port, or erase their data.
  • Explain the process customers can use to exercise these rights, including any forms or timelines.
  • Clearly enumerate the various rights customers have regarding their personal data, such as the right to access, rectify, port, or erase their information.
  • Outline the specific process customers can use to exercise each of these rights, including any forms, supporting documentation, or timelines for your response.
  • Explain how customers can submit requests to access or obtain a copy of their personal data, and any exceptions or limitations to this right.
  • Describe the steps you will take to verify the identity of customers submitting data access or deletion requests to ensure the security of their information.

Cookies and Tracking Technologies:

  • Describe the types of cookies and tracking technologies used on your website and mobile app.
  • Explain how customers can manage their cookie preferences and opt-out of certain data collection.
  • Provide information on how customer data is used for targeted advertising or analytics purposes.
  • Provide a comprehensive list of the different types of cookies and tracking technologies used on your website and mobile app (e.g., session cookies, persistent cookies, web beacons, pixels, analytics trackers).
  • Explain the purpose of each type of cookie or tracking technology, such as for essential functionality, personalization, analytics, or targeted advertising.
  • Describe how customers can manage their cookie preferences and opt-out of certain data collection practices through their browser settings or dedicated cookie management tools.
  • Specify whether you use any third-party advertising or analytics services that may also set cookies or track customer behavior, and provide instructions on how to opt-out of those services.
  • Outline how customer data collected through cookies and tracking is used for purposes such as personalization, targeted advertising, or website optimization.

Data Breaches and Incident Response:

  • Commit to notifying customers in the event of a data breach that may impact their personal information.
  • Explain the steps you will take to investigate, mitigate, and report the breach to relevant authorities.
  • Provide customers with information on how they can protect themselves in the event of a breach.
  • Commit to notifying customers in a timely manner (e.g., within 72 hours) if their personal information is involved in a data breach that poses a risk of harm.
  • Explain the specific information you will provide to customers in the event of a breach, such as the nature of the incident, the types of data involved, the steps you are taking to investigate and mitigate the breach, and any recommendations for customers to protect themselves.
  • Describe the internal processes and teams responsible for detecting, investigating, and responding to data security incidents, including any third-party forensic or legal experts you may engage.
  • Outline the regulatory bodies or authorities you will notify about the data breach, such as the relevant data protection agency, and any legal or contractual obligations you have to report such incidents.
  • Provide customers with guidance on how they can monitor their accounts and credit reports for any suspicious activity, as well as information on identity theft protection services you may offer or recommend.

Minors and Children’s Privacy:

  • If your services are targeted at or used by minors, include a section on your practices for collecting and protecting their personal information.
  • Explain any age restrictions or parental consent requirements for using your services.
  • Clearly state the minimum age requirement for using your services or creating an account, in accordance with applicable laws and regulations.
  • Explain the steps you take to verify the age of your users and obtain parental consent for the collection of personal information from minors, where required.
  • Describe any special data collection and processing practices you have in place for services or features targeted at children, such as the types of information collected, the purpose of collection, and any limitations on the use or sharing of that data.
  • Provide information on how parents can access, review, or request the deletion of their child’s personal information, and the process for submitting such requests.
  • Commit to not using children’s personal information for any commercial purposes, such as targeted advertising, without obtaining explicit parental consent.

Dispute Resolution and Complaints:

  • Provide information on how customers can contact you with privacy-related questions or complaints.
  • Describe your internal process for handling and resolving customer privacy concerns.
  • If applicable, mention any external dispute resolution mechanisms or regulatory bodies customers can engage with.
  • Provide multiple channels for customers to contact you with privacy-related questions or complaints, such as a dedicated email address, physical mailing address, and/or online contact form.
  • Describe your internal process for handling and investigating customer privacy concerns, including the timelines for acknowledging and resolving complaints.
  • If applicable, inform customers of any independent dispute resolution mechanisms or regulatory bodies they can contact if they are not satisfied with your response, such as a data protection authority or consumer protection agency.
  • Explain any alternative dispute resolution procedures you have in place, such as mediation or arbitration, and how customers can initiate these processes.
  • Commit to cooperating fully with any official investigations or inquiries related to customer privacy complaints or data breaches.

Contact Us

If you have any questions or concerns about our privacy practices, please don’t hesitate to contact us at hello@rumrom.com or WhatsApp number +965 99095385.

Shopping Cart